🔀 Merge master into develop (Hotfixes)

.github/workflows/merge.yml

@@ -260,6 +260,21 @@ jobs:
           echo "✅ Created and pushed tag: $NEW_TAG"
           echo "appcat-tag=$NEW_TAG" >> $GITHUB_OUTPUT
 
+      - name: Trigger Release Workflow
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            await github.rest.actions.createWorkflowDispatch({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              workflow_id: 'release.yml',
+              ref: 'master',
+              inputs: {
+                tag: '${{ steps.tag.outputs.appcat-tag }}'
+              }
+            });
+
       - name: Clone and patch component repo
         run: |
           COMPONENT_BRANCH="${{ needs.check-conditions.outputs.comp-feature-branch }}"
@@ -311,7 +326,7 @@ jobs:
           gh pr merge -R "$COMPONENT_REPO" ${{ needs.check-conditions.outputs.comp-pr-number }} --merge --delete-branch
 
   merge-hotfix-update-develop:
-    needs: merge-hotfix
+    needs: [merge-hotfix, check-conditions]
     runs-on: ubuntu-latest
     steps:
       - name: Create PR to merge master into develop in appcat repo
@@ -322,7 +337,7 @@ jobs:
             --repo "$APPCAT_REPO" \
             --base develop \
             --head master \
-            --reviewer ${{ needs.check-conditions.outputs.author }} \ \
+            --reviewer ${{ needs.check-conditions.outputs.author }} \
             --title "🔀 Merge master into develop (sync hotfixes)" \
             --body "This PR synchronizes the hotfixes from master back into develop." || true
 

.github/workflows/release.yml

@@ -4,6 +4,12 @@ on:
   push:
     tags:
       - "*"
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: 'Tag to release'
+        required: true
+        type: string
 
 env:
   APP_NAME: appcat

pkg/comp-functions/functions/common/maintenance/maintenance.go

@@ -253,6 +253,10 @@ func (m *Maintenance) createMaintenanceJob(_ context.Context, cronSchedule strin
 			Name:  "RELEASE_MANAGEMENT_ENABLED",
 			Value: m.svc.Config.Data["releaseManagementEnabled"],
 		},
+		{
+			Name:  "MAINTENANCE_URL",
+			Value: m.svc.Config.Data["maintenanceURL"],
+		},
 	}
 
 	job := &batchv1.CronJob{

pkg/comp-functions/functions/vshnkeycloak/deploy.go

@@ -1090,7 +1090,7 @@ func copyKeycloakCredentials(comp *vshnv1.VSHNKeycloak, svc *runtime.ServiceRunt
 					Containers: []v1.Container{
 						{
 							Name:    "copyjob",
-							Image:   "bitnami/kubectl:latest",
+							Image:   svc.Config.Data["kubectl_image"],
 							Command: []string{"sh", "-c"},
 							Args:    []string{keycloakCredentialsCopyJobScript},
 							Env: []v1.EnvVar{

pkg/comp-functions/functions/vshnmariadb/mariadb_deploy.go

@@ -244,6 +244,20 @@ func newValues(ctx context.Context, svc *runtime.ServiceRuntime, comp *vshnv1.VS
 		}
 	}
 
+	if imageRepositoryPrefix := svc.Config.Data["imageRepositoryPrefix"]; imageRepositoryPrefix != "" {
+		if err := common.SetNestedObjectValue(values, []string{"image"}, map[string]any{
+			"repository": fmt.Sprintf("%s/mariadb-galera", imageRepositoryPrefix),
+		}); err != nil {
+			return nil, err
+		}
+
+		if err := common.SetNestedObjectValue(values, []string{"metrics", "image"}, map[string]any{
+			"repository": fmt.Sprintf("%s/mysqld-exporter", imageRepositoryPrefix),
+		}); err != nil {
+			return nil, err
+		}
+	}
+
 	return values, nil
 }
 

pkg/comp-functions/functions/vshnpostgres/postgresql_deploy.go

@@ -664,7 +664,7 @@ func createCopyJob(comp *vshnv1.VSHNPostgreSQL, svc *runtime.ServiceRuntime) err
 					Containers: []v1.Container{
 						{
 							Name:    "copyjob",
-							Image:   "bitnami/kubectl:latest",
+							Image:   svc.Config.Data["kubectl_image"],
 							Command: []string{"sh", "-c"},
 							Args:    []string{postgresqlCopyJobScript},
 							Env: []v1.EnvVar{

pkg/comp-functions/functions/vshnredis/backup.go

@@ -71,17 +71,17 @@ func updateRelease(ctx context.Context, svc *runtime.ServiceRuntime) error {
 	}
 
 	l.Info("Adding the PVC k8up annotations")
-	if err := backup.AddPVCAnnotationToValues(values, "master", "persistence", "annotations"); err != nil {
+	if err := backup.AddPVCAnnotationToValues(values, "replica", "persistence", "annotations"); err != nil {
 		return err
 	}
 
 	l.Info("Adding the Pod k8up annotations")
-	if err := backup.AddPodAnnotationToValues(values, "/scripts/backup.sh", ".tar", "master", "podAnnotations"); err != nil {
+	if err := backup.AddPodAnnotationToValues(values, "/scripts/backup.sh", ".tar", "replica", "podAnnotations"); err != nil {
 		return err
 	}
 
 	l.Info("Mounting CM into pod")
-	if err := backup.AddBackupCMToValues(values, []string{"master", "extraVolumes"}, []string{"master", "extraVolumeMounts"}); err != nil {
+	if err := backup.AddBackupCMToValues(values, []string{"replica", "extraVolumes"}, []string{"replica", "extraVolumeMounts"}); err != nil {
 		return err
 	}
 

pkg/comp-functions/functions/vshnredis/pvcresize.go

@@ -115,7 +115,7 @@ func ResizePVCs(ctx context.Context, comp *vshnv1.VSHNRedis, svc *runtime.Servic
 }
 
 func needReleasePatch(comp *vshnv1.VSHNRedis, values map[string]interface{}) (bool, *xfnproto.Result) {
-	releaseSizeValue, found, err := unstructured.NestedString(values, "master", "persistence", "size")
+	releaseSizeValue, found, err := unstructured.NestedString(values, "replica", "persistence", "size")
 	if !found {
 		return false, runtime.NewFatalResult(fmt.Errorf("disk size not found in release"))
 	}
@@ -178,12 +178,12 @@ func addDeletionJob(svc *runtime.ServiceRuntime, comp *vshnv1.VSHNRedis) error {
 					Containers: []corev1.Container{
 						{
 							Name:            "sts-deleter",
-							Image:           "bitnami/kubectl",
+							Image:           svc.Config.Data["kubectl_image"],
 							ImagePullPolicy: corev1.PullIfNotPresent,
 							Env: []corev1.EnvVar{
 								{
 									Name:  "STS_NAME",
-									Value: "redis-master",
+									Value: "redis-node",
 								},
 								{
 									Name:  "STS_NAMESPACE",
@@ -212,17 +212,17 @@ func addDeletionJob(svc *runtime.ServiceRuntime, comp *vshnv1.VSHNRedis) error {
 		},
 	}
 
-	return svc.SetDesiredKubeObject(job, comp.Name+"-sts-deleter")
+	return svc.SetDesiredKubeObject(job, comp.Name+"-sts-deleter", runtime.KubeOptionAllowDeletion)
 }
 
 func addStsObserver(svc *runtime.ServiceRuntime, comp *vshnv1.VSHNRedis) error {
 
 	statefulset := &appsv1.StatefulSet{
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      "redis-master",
+			Name:      "redis-node",
 			Namespace: getInstanceNamespace(comp),
 		},
 	}
 
-	return svc.SetDesiredKubeObject(statefulset, comp.Name+"-sts-observer", runtime.KubeOptionObserve)
+	return svc.SetDesiredKubeObject(statefulset, comp.Name+"-sts-observer", runtime.KubeOptionObserve, runtime.KubeOptionAllowDeletion)
 }

pkg/comp-functions/functions/vshnredis/pvcresize_test.go

@@ -63,7 +63,7 @@ func Test_needReleasePatch(t *testing.T) {
 					},
 				},
 				values: map[string]interface{}{
-					"master": map[string]interface{}{
+					"replica": map[string]interface{}{
 						"persistence": map[string]interface{}{
 							"size": "15Gi",
 						},
@@ -85,7 +85,7 @@ func Test_needReleasePatch(t *testing.T) {
 					},
 				},
 				values: map[string]interface{}{
-					"master": map[string]interface{}{
+					"replica": map[string]interface{}{
 						"persistence": map[string]interface{}{
 							"size": "15Gi",
 						},
@@ -107,7 +107,7 @@ func Test_needReleasePatch(t *testing.T) {
 					},
 				},
 				values: map[string]interface{}{
-					"master": map[string]interface{}{
+					"replica": map[string]interface{}{
 						"persistence": map[string]interface{}{
 							"size": "15Gi",
 						},
@@ -130,7 +130,7 @@ func Test_needReleasePatch(t *testing.T) {
 					},
 				},
 				values: map[string]interface{}{
-					"master": map[string]interface{}{
+					"replica": map[string]interface{}{
 						"persistence": map[string]interface{}{
 							"size": "15Gi",
 						},
@@ -153,7 +153,7 @@ func Test_needReleasePatch(t *testing.T) {
 					},
 				},
 				values: map[string]interface{}{
-					"master": map[string]interface{}{
+					"replica": map[string]interface{}{
 						"persistence": map[string]interface{}{
 							"size": "foo",
 						},
@@ -176,7 +176,7 @@ func Test_needReleasePatch(t *testing.T) {
 					},
 				},
 				values: map[string]interface{}{
-					"master": map[string]interface{}{
+					"replica": map[string]interface{}{
 						"persistence": map[string]interface{}{},
 					},
 				},

pkg/comp-functions/functions/vshnredis/redis_deploy.go

@@ -273,6 +273,34 @@ func newValues(ctx context.Context, svc *runtime.ServiceRuntime, comp *vshnv1.VS
 	if registry := svc.Config.Data["imageRegistry"]; registry != "" {
 		_ = common.SetNestedObjectValue(values, []string{"global", "imageRegistry"}, registry)
 	}
+
+	if imageRepositoryPrefix := svc.Config.Data["imageRepositoryPrefix"]; imageRepositoryPrefix != "" {
+		if err := common.SetNestedObjectValue(values, []string{"image"}, map[string]any{
+			"repository": fmt.Sprintf("%s/redis", imageRepositoryPrefix),
+		}); err != nil {
+			return nil, err
+		}
+
+		if err := common.SetNestedObjectValue(values, []string{"sentinel", "image"}, map[string]any{
+			"repository": fmt.Sprintf("%s/redis-sentinel", imageRepositoryPrefix),
+		}); err != nil {
+			return nil, err
+		}
+
+		if err := common.SetNestedObjectValue(values, []string{"metrics", "image"}, map[string]any{
+			"repository": fmt.Sprintf("%s/redis-exporter", imageRepositoryPrefix),
+		}); err != nil {
+			return nil, err
+		}
+
+		if err := common.SetNestedObjectValue(values, []string{"kubectl", "image"}, map[string]any{
+			"repository": fmt.Sprintf("%s/kubectl", imageRepositoryPrefix),
+		}); err != nil {
+			return nil, err
+		}
+
+	}
+
 	return values, nil
 }
 
@@ -412,7 +440,7 @@ func migrateRedis(ctx context.Context, svc *runtime.ServiceRuntime, comp *vshnv1
 					Containers: []corev1.Container{
 						{
 							Name:    "migrationjob",
-							Image:   "bitnami/kubectl:latest",
+							Image:   svc.Config.Data["kubectl_image"],
 							Command: []string{"sh", "-c"},
 							Args:    []string{redisScalingScript},
 							Env: []corev1.EnvVar{

pkg/comp-functions/functions/vshnredis/restore.go

@@ -89,7 +89,7 @@ func addPrepareRestoreJob(ctx context.Context, comp *vshnv1.VSHNRedis, svc *runt
 					Containers: []corev1.Container{
 						{
 							Name:  "copyjob",
-							Image: "bitnami/kubectl:latest",
+							Image: svc.Config.Data["kubectl_image"],
 							Command: []string{
 								"bash",
 								"-c",
@@ -140,7 +140,7 @@ func addRestoreJob(ctx context.Context, comp *vshnv1.VSHNRedis, svc *runtime.Ser
 							Name: "data",
 							VolumeSource: corev1.VolumeSource{
 								PersistentVolumeClaim: &corev1.PersistentVolumeClaimVolumeSource{
-									ClaimName: "redis-data-redis-master-0",
+									ClaimName: "redis-data-redis-node-0",
 								},
 							},
 						},
@@ -236,6 +236,13 @@ func addRestoreJob(ctx context.Context, comp *vshnv1.VSHNRedis, svc *runtime.Ser
 		},
 	}
 
+	if !svc.GetBoolFromCompositionConfig("isOpenshift") {
+		fsGroup := int64(1001)
+		job.Spec.Template.Spec.SecurityContext = &corev1.PodSecurityContext{
+			FSGroup: &fsGroup,
+		}
+	}
+
 	return svc.SetDesiredKubeObject(job, restoreJobName)
 }
 
@@ -259,7 +266,7 @@ func addCleanUpJob(ctx context.Context, comp *vshnv1.VSHNRedis, svc *runtime.Ser
 					Containers: []corev1.Container{
 						{
 							Name:  "copyjob",
-							Image: "bitnami/kubectl:latest",
+							Image: svc.Config.Data["kubectl_image"],
 							Command: []string{
 								"bash",
 								"-c",

pkg/comp-functions/functions/vshnredis/script/cleanupRestore.sh

@@ -56,7 +56,7 @@ EOF
 fi
 echo "scaling up redis"
 
-kubectl -n "${TARGET_NAMESPACE}" scale statefulset redis-master --replicas "${NUM_REPLICAS}"
+kubectl -n "${TARGET_NAMESPACE}" scale statefulset redis-node --replicas "${NUM_REPLICAS}"
 
 echo "cleanup secret"
 

pkg/comp-functions/functions/vshnredis/script/prepRestore.sh

@@ -14,14 +14,14 @@ restic_password=$(kubectl -n "${source_namespace}" get secret k8up-repository-pa
 restic_repository=$(kubectl -n "${source_namespace}" get snapshots.k8up.io "${BACKUP_NAME}" -o jsonpath='{.spec.repository}')
 backup_path=$(kubectl -n "${source_namespace}" get snapshots.k8up.io "${BACKUP_NAME}" -o jsonpath='{.spec.paths[0]}')
 backup_name=$(kubectl -n "${source_namespace}" get snapshots.k8up.io "${BACKUP_NAME}" -o jsonpath='{.spec.id}')
-num_replicas=$(kubectl -n "${TARGET_NAMESPACE}" get statefulset redis-master -o jsonpath='{.spec.replicas}')
+num_replicas=$(kubectl -n "${TARGET_NAMESPACE}" get statefulset redis-node -o jsonpath='{.spec.replicas}')
 kubectl -n "${TARGET_NAMESPACE}" create secret generic "restore-credentials-${BACKUP_NAME}" --from-literal AWS_ACCESS_KEY_ID="${access_key}" --from-literal AWS_SECRET_ACCESS_KEY="${secret_key}" --from-literal RESTIC_PASSWORD="${restic_password}" --from-literal RESTIC_REPOSITORY="${restic_repository}" --from-literal BACKUP_PATH="${backup_path}" --from-literal BACKUP_NAME="${backup_name}"
 kubectl create secret generic "statefulset-replicas-${SOURCE_CLAIM_NAME}-${BACKUP_NAME}" --from-literal NUM_REPLICAS="${num_replicas}"
 echo "scaling down redis"
 
-until kubectl -n "${TARGET_NAMESPACE}" get statefulset redis-master > /dev/null 2>&1
+until kubectl -n "${TARGET_NAMESPACE}" get statefulset redis-node > /dev/null 2>&1
 do
   sleep 1
 done
 
-kubectl -n "${TARGET_NAMESPACE}" scale statefulset redis-master --replicas 0
+kubectl -n "${TARGET_NAMESPACE}" scale statefulset redis-node --replicas 0

pkg/comp-functions/functions/vshnredis/script/recreate.sh

@@ -19,15 +19,15 @@ if [[ $foundsize != "$size" ]]; then
   # deletion with orphan doesn't go through and the sts is stuck with an orphan finalizer.
   # So if the delete hasn't returned after 5s we forcefully patch away the finalizer.
   kubectl -n "$namespace" delete sts "$name" --cascade=orphan --ignore-not-found --wait=true --timeout 5s || true
-  kubectl -n "$namespace" patch sts redis-master -p '{"metadata":{"finalizers":null}}' || true
+  kubectl -n "$namespace" patch sts "$name" -p '{"metadata":{"finalizers":null}}' || true
   # Poke the release so it tries again to create the sts
   # We first set it to garbage to ensure that the release is in an invalid state, we use an invalid state so it doesn't
   # actually deploy anything.
   # Then we patch the right size to enforce an upgrade
   # This is necessary as provider-helm doesn't actually retry failed helm deployments unless the values change.
   echo "Triggering sts re-creation"
-  kubectl patch release "$release" --type merge -p "{\"spec\":{\"forProvider\":{\"values\":{\"master\":{\"persistence\":{\"size\":\"foo\"}}}}}}"
-  kubectl patch release "$release" --type merge -p "{\"spec\":{\"forProvider\":{\"values\":{\"master\":{\"persistence\":{\"size\":\"$size\"}}}}}}"
+  kubectl patch release "$release" --type merge -p "{\"spec\":{\"forProvider\":{\"values\":{\"replica\":{\"persistence\":{\"size\":\"foo\"}}}}}}"
+  kubectl patch release "$release" --type merge -p "{\"spec\":{\"forProvider\":{\"values\":{\"replica\":{\"persistence\":{\"size\":\"$size\"}}}}}}"
   count=0
   while ! kubectl -n "$namespace" get sts "$name" && [[ count -lt 300 ]]; do
     echo "waiting for sts to re-appear"

pkg/comp-functions/functions/vshnredis/script/restore.sh

@@ -2,10 +2,20 @@
 
 set -euo pipefail
 
-rm -rf /data/*
-restic dump "${BACKUP_NAME}" "${BACKUP_PATH}" > /data/restore.tar
-cd /data
-tar xvf restore.tar
-mv data/* .
-rmdir data
-rm restore.tar
+DEST="/data"
+
+echo "Starting restore process"
+
+echo "Removing existing files in ${DEST}"
+rm -rf "${DEST:?}/"*
+
+echo "Dumping restic backup '${BACKUP_NAME}' path '${BACKUP_PATH}' to ${DEST}/restore.tar"
+restic dump "${BACKUP_NAME}" "${BACKUP_PATH}" > "${DEST}/restore.tar"
+
+echo "Extracting files from restore.tar into ${DEST}"
+tar xvf "${DEST}/restore.tar" --strip-components=1 -C "${DEST}"
+
+echo "Removing temporary archive ${DEST}/restore.tar"
+rm "${DEST}/restore.tar"
+
+echo "Restore completed successfully"